Microsoft Vendors Must Meet Tough SSPA Security Standards; 360 Advanced Offers Audits to Assess Your MSSPA Compliance
June 16, 2015 prod360
TAMPA, Fla., June 16, 2015 (GLOBE NEWSWIRE) — As Microsoft continues to require its data management vendors to comply with its Supplier Security and Privacy Assurance Program (MSSPA), leading Tampa-based IT audit firm 360 Advanced is meeting increasing demand by offering MSSPA attestation services to help vendors achieve compliance.
The Microsoft SSPA initiative is designed to standardize and strengthen the handling of “Microsoft Sensitive Information and/or Microsoft Personal Information.”
Microsoft says the designation Sensitive Information includes, but is not limited to: Microsoft hardware and software products, internal line-of-business applications, pre-release marketing materials, product license keys, and technical documentation related to Microsoft products and services.
Microsoft defines the category of Personal Information to include, but not be limited to: name, address, phone number, fax number, email address, social security number, passport number, other government-issued identifiers, and credit card information.
“In terms of both sensitive and personal data security requirements and third parties, Microsoft is becoming one of the most attentive companies in the world, and that means its vendors must meet a set of rigorous standards of compliance that must be assessed and confirmed by an outside firm like ours with significant experience in more than a dozen levels of specialized IT audits,” commented Dan Collins, President of 360 Advanced, Inc. (www.360advanced.com), a national, multi-service, licensed Certified Public Accounting (CPA) and Qualified Security Assessor (QSA) firm that specializes in integrated compliance solutions for service providers.
“We are very good with educating our clients about this process and developing a strategy that meets short- and long-term goals and requirements. And, we can collaborate on an initiative that will keep Microsoft at bay until compliance can be properly achieved,” Collins said.
Collins explained that in lieu of compliance with MSSPA, Microsoft may accept alternative compliance attestation or assessments such as a third-party Health Insurance Portability and Accountability Act (HIPAA) assessment, the American Institute of Certified Public Accountants Service Organization Control Reports (SOC 2), the Payment Card Industry Data Security Standard (PCI), and/or ISO 27001 certification depending on the nature and sensitivity of the data.
ABOUT 360 ADVANCED
360 Advanced, Inc. is a national, multi-service, licensed Certified Public Accounting (CPA) and Qualified Security Assessor (QSA) firm that specializes in integrated compliance solutions for service providers related to internal controls, security, confidentiality, privacy, processing integrity, availability and other elements critical to information surety.
360 Advanced, Inc. has clients in more than 40 states and several countries that are major service providers in various industries, including cloud and SaaS-based organizations. 360 Advanced is one of only a few specialized firms in the U.S. that assist service providers as their independent assessor/advisor in developing, maintaining and communicating security and compliance to their clients. Services provided by 360 Advanced include SOC 1: SSAE 16 (SAS 70); SOC 2: AT 101 Attestation; SOC 3: SysTrust & WebTrust; PCI DSS, Experian EI3PA; HIPAA Security/HITECH; ISO 27001, 2700;